Authentication

Calqulate uses JWT Tokens (also known as access tokens) to control access to the API.

πŸ“˜

Overview

Access tokens are crucial for user access and authorization. On this page, you can read about Calqulate's token-based authentication in order to be able to access our APIs. You can learn what are access tokens, how to generate one and how to use them.

Access Tokens

Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization.

Calqulate uses JSON Web Token (JWT) to control access to the API.

JWT Access Tokens conform to the JWT standard and contain information about an entity in the form of claims.
They define a compact and self-contained way for securely transmitting information between parties as a JSON object.


Flow Diagram

This diagram shows a brief overview on how to use Calqulate's API


Prerequisites

Sign up for a user account through our Website. A complete explanation on how to create a Calqulate Account is here.

Once an account is created, a Bearer Token can be generated.


How to generate a Bearer Token

  1. Download any tool that will help making API Calls; Postman for example.
  2. From the Web App, Login & switch to the organization you want to access through the API (Not Mandatory, we will generate token for the last organization you used).
  3. Make a POST Request on https://api.calqulate.io/v3/oauth.
  4. The Body should contain the username and password used to register in our app. Here is an example of the request body:
{
    "username": "[email protected]",
    "password": "!!password!!"
}
  1. With the correct credentials, you will receive the JWT Access Token in the response. The response body will look like this:
{
    "accessToken": "AAAAAAAAAAAAAAAAAAAA-ThisIsYourAccessToken-AAAAAAAAAAAAAAAAAAAA"
}

πŸ“˜

NOTE

The generated JWT will give you access only to the last organization you used from the Web App.

A JWT Access Token is valid for 24 hours. A new one needs to be generated after the token expires.

❗️

NOTE

You are responsible for the security of JWT Token. It should never be publicly exposed.



How to use Calqulate's API

  1. Download any tool that will help you making API Calls; Postman for example.
  2. Get the URI of the resource you want to access on our APIs. You can find all the provided APIs through our API Documentation
  3. Make sure you are sending the required Body or Query Params for the used endpoint.
  4. Add the generated JWT Token in the Request Header. The request header should contain the following
{
    "Authorization": "Bearer AAAAAAAAAAAAAAAAAAAA-ThisIsYourAccessToken-AAAAAAAAAAAAAAAAAAAA"
}
  1. Check the results in the response body.